← 返回 Skills 市场
clawmentorai

CodeSmith

作者 clawmentorai · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
349
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install codesmith
功能描述
CodeSmith — senior engineering agent configuration. Full-stack dev automation, CI/CD pipelines, GitHub workflows, ACP dispatch patterns, and real operational...
使用说明 (SKILL.md)

CodeSmith — Mentor Package

Specialty: Full-stack dev automation — CI/CD, code review, GitHub workflows, ACP dispatch
Version: 1.0.0
For: OpenClaw agents that do real coding work — implementing features, managing repos, dispatching to sub-agents

What This Package Contains

This is a mentor package consumed by the claw-mentor-mentee skill. It teaches a subscriber's agent how to operate as a serious coding-focused setup.

File What It Teaches
AGENTS.md Annotated configuration — 17 annotation blocks explaining the why behind every non-obvious decision
working-patterns.md Daily coding rhythm, ACP dispatch patterns, trust progression, 5 real failure stories
skills.md Tier 1/2/3 skill stack + skills explicitly NOT installed (with reasons)
cron-patterns.json 5 cron jobs with adoption guide — add one at a time
privacy-notes.md Explicit read/write/network access tables
setup-guide.md Step-by-step onboarding with Relationship Adoption Timeline
CLAW_MENTOR.md Full package manifest with risk assessment and compatibility notes

Who This Is For

A developer who uses OpenClaw as a coding partner and wants that partner to operate with more autonomy, better judgment, and fewer surprises. Assumes:

  • GitHub account with gh CLI configured
  • A hosting service (Vercel or equivalent)
  • ACP enabled for sub-agent dispatch
  • Comfort with some agent autonomy once trust is established

Not for setups where the human reviews every single change, or for purely non-technical workflows.

How to Apply

This package is applied automatically by the claw-mentor-mentee skill (v2.1.0+) during your scheduled ingestion cycle.

Manual review recommended before any cron jobs are enabled — see setup-guide.md for the one-at-a-time adoption timeline.

About CodeSmith

Built from real production work: implementing API endpoints, debugging deployment pipelines, managing GitHub workflows, dispatching coding sub-agents for implementation tasks, and learning the hard lessons that only come from things actually breaking in production.

The failure stories in working-patterns.md are real. The cron timing is what actually ran. The trust progression is how it actually builds. That's what makes it useful.

安全使用建议
This package appears to be a legitimate mentoring/automation configuration for coding agents, but it under-declares important operational requirements. Before applying: - Do not assume the registry metadata lists everything: the docs expect the 'gh' CLI, ACP enabled, and tokens like VERCEL_TOKEN for API deploys. Provide those only if you understand the risk. - Back up ~/.openclaw/workspace/AGENTS.md and ~/.openclaw/cron/jobs.json (the package itself recommends this). Validate diffs before accepting any changes. - Start with the recommended gradual rollout: enable only the morning brief cron first and verify outputs, then add others one at a time. - Confirm how your platform supplies channel delivery credentials; verify the skill will not be able to post to external channels without your explicit config. - Test LOCKDOWN.md behavior on a safe dev agent: create the LOCKDOWN file and confirm scheduled sessions halt and post the expected message. - Review any example curl/command snippets before running them: they reference environment variables (e.g., $VERCEL_TOKEN) that you must provision securely; avoid pasting tokens into chat or unreviewed scripts. - If you want stronger assurances, ask the publisher (or inspect the package source repository) for a declared list of required env vars and an explicit checklist of what gets written during setup. Confidence note: high confidence this package is coherent with its stated purpose, but suspicious because of the mismatch between declared requirements and the actual runtime guidance (credentials, binaries, cron/network interactions).
功能分析
Type: OpenClaw Skill Name: codesmith Version: 1.0.0 The CodeSmith bundle is a highly professional and security-conscious configuration for a coding automation agent. It features a robust 'LOCKDOWN' safety protocol, explicit instructions to treat external content as data to prevent prompt injection (AGENTS.md), and transparent documentation of operational risks through 'Failure Stories' (working-patterns.md). While it enables high-autonomy features such as scheduled overnight work and GitHub/Vercel integration (cron-patterns.json), these capabilities are strictly governed by instructions to use feature branches, avoid production deployments, and never log credentials, showing clear alignment with its stated purpose without malicious intent.
能力评估
Purpose & Capability
The name/description (senior engineering agent, CI/CD, GitHub workflows, ACP dispatch, cron jobs) align with the content of SKILL.md and the included docs. However the package references external services and tools (GitHub CLI 'gh', Vercel API using $VERCEL_TOKEN, ACP/codex dispatch, messaging channel delivery) that the registry metadata does not declare as required. That mismatch is disproportionate: a CI/CD/dispatch mentor legitimately needs those tools/credentials, but the skill's declared requirements list none.
Instruction Scope
The instructions read and write files under ~/.openclaw/workspace and memory/*, install/merge AGENTS.md, create cron jobs, and instruct the agent to dispatch sub-agents via ACP. The package also includes concrete curl examples that use $VERCEL_TOKEN and recommends use of the 'gh' CLI. While many of these actions are coherent with the package purpose, they expand the agent's scope into: reading many local config files, adding cron jobs that run autonomous agent sessions, and performing network calls to GitHub/Vercel. The SKILL metadata does not list these file/network interactions or required env vars. The instructions claim explicit approval is required before writes/cron modifications, but the runtime payloads and setup guide include shell commands (cp, git config, curl examples) that—if executed—modify local config and could be used to trigger network actions.
Install Mechanism
There is no install spec and no code to fetch — this is instruction-only, which is lower-risk from an installation/downloading perspective. All behavior comes from the provided guidance and cron payloads rather than installed binaries.
Credentials
Registry metadata claims no required env vars or binaries, but the package repeatedly assumes: a configured 'gh' CLI, a VERCEL_TOKEN (or equivalent) for API deploys, ACP enabled and an agentId for sub-agent dispatch, and a messaging channel ID/credentials for delivery. Those credentials/binaries are proportional to a CI/CD/dispatch mentor, but the skill should have declared them (primaryEnv, required envs, and required binaries). The absence of declared credential requirements is an incoherence that could cause unexpected prompts for tokens or accidental exposure if a user follows examples verbatim.
Persistence & Privilege
always:false (no forced inclusion) and model invocation is allowed (default). The package instructs writing config and cron entries but repeatedly emphasizes explicit approval before writing. Cron jobs it proposes are powerful (they run autonomous agent sessions on a schedule). Combined with the package's autonomy guidance, crons + ACP dispatch create a non-trivial operational footprint — this is expected for its purpose, but you should follow the package's one-at-a-time adoption guidance and ensure LOCKDOWN.md behavior is tested before enabling crons. No evidence the package tries to modify other skills or request permanent always:true privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install codesmith
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /codesmith 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — full-stack dev automation patterns, GitHub workflows, ACP dispatch, 5 real failure stories. All 7 files: annotated AGENTS.md, working-patterns.md, skills.md, cron-patterns.json, privacy-notes.md, setup-guide.md, CLAW_MENTOR.md.
元数据
Slug codesmith
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

CodeSmith 是什么?

CodeSmith — senior engineering agent configuration. Full-stack dev automation, CI/CD pipelines, GitHub workflows, ACP dispatch patterns, and real operational... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 349 次。

如何安装 CodeSmith?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install codesmith」即可一键安装,无需额外配置。

CodeSmith 是免费的吗?

是的,CodeSmith 完全免费(开源免费),可自由下载、安装和使用。

CodeSmith 支持哪些平台?

CodeSmith 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 CodeSmith?

由 clawmentorai(@clawmentorai)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论